[SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

On Wed, Dec 19, 2007 at 06:38:04PM +0100, Moritz Muehlenhoff wrote:

> Package : clamav
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2007-6335 CVE-2007-6336

> The old stable distribution (sarge) is not affected by these problems.
> However, since the clamav version from Sarge cannot process all current
> Clam malware signatures any longer, support for the ClamAV in Sarge is
> now discontinued. We recommend to upgrade to the stable distribution
> or run a backport of the stable version.

Are there any updates planned for sarge in volatile.debian.org?

Thanks,

Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

--

Dominic Hargreaves wrote:

> > However, since the clamav version from Sarge cannot process all current
> > Clam malware signatures any longer, support for the ClamAV in Sarge is
> > now discontinued. We recommend to upgrade to the stable distribution
^^^^^^^^^^^^^^
> > or run a backport of the stable version.
>
> Are there any updates planned for sarge in volatile.debian.org?

discontinued = no plans, no future, gone, ...

Ciao Marco!

--

Marco Maske wrote:
> Dominic Hargreaves wrote:
>
>>> However, since the clamav version from Sarge cannot process all current
>>> Clam malware signatures any longer, support for the ClamAV in Sarge is
>>> now discontinued. We recommend to upgrade to the stable distribution
> ^^^^^^^^^^^^^^
>>> or run a backport of the stable version.
>> Are there any updates planned for sarge in volatile.debian.org?
>
> discontinued = no plans, no future, gone, ...

Hmm, he kind of asks if a stable backport would be considered to be
uploaded for sarge in volatile... which is not a priori ruled out,
though not very likely AFAICS.

Cheers

Luk

--

This one time, at band camp, Dominic Hargreaves said:
>
> Are there any updates planned for sarge in volatile.debian.org?

Yes, and they're uploaded.
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------

This one time, at band camp, Jim Popovitch said:
> On Thu, 2007-12-20 at 01:12 +0000, Stephen Gran wrote:
> > This one time, at band camp, Dominic Hargreaves said:
> > >
> > > Are there any updates planned for sarge in volatile.debian.org?
> >
> > Yes, and they're uploaded.
>
> Where?

http://volatile.debian.org/debian-volatile/pool/volatile/main/c/clamav/
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------

On Thu, 20 Dec 2007, Stephen Gran wrote:

> This one time, at band camp, Jim Popovitch said:
>> On Thu, 2007-12-20 at 01:12 +0000, Stephen Gran wrote:
>>> This one time, at band camp, Dominic Hargreaves said:
>>>>
>>>> Are there any updates planned for sarge in volatile.debian.org?
>>>
>>> Yes, and they're uploaded.
>>
>> Where?
>
> http://volatile.debian.org/debian-volatile/pool/volatile/main/c/clamav/
> --
> -----------------------------------------------------------------
> | ,''`. Stephen Gran |
> | : :' : |
> | `. `' Debian user, admin, and developer |
> | `- http://www.debian.org |
> -----------------------------------------------------------------
>

Apologies if this is the wrong place for the question. I'm still
relatively new to the debian world and trying to get a feel for what's
what/what's where.

Whenever I run freshclam I get an error about being on version 0.91.2 and
0.92 is what I should be running. When I follow the recommended link
there doesn't seem to be a new package available. I thought I had gone
through this process once before by adding this to /etc/apt/sources

deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

However when I do an "apt-get update" (during which volatile is listed)
and then "apt-get upgrade" or "apt-get install clamav" I get a message
that I'm running the latest version. What am I missing?

Thanks
Forrest

--

On 12/20/07, Forrest Houston wrote:
> On Thu, 20 Dec 2007, Stephen Gran wrote:

> Whenever I run freshclam I get an error about being on version 0.91.2 and
> 0.92 is what I should be running. When I follow the recommended link
> there doesn't seem to be a new package available. I thought I had gone
> through this process once before by adding this to /etc/apt/sources
>
> deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free
>
> However when I do an "apt-get update" (during which volatile is listed)
> and then "apt-get upgrade" or "apt-get install clamav" I get a message
> that I'm running the latest version. What am I missing?
>

I have the same thing (except I'm running sarge). Looking at the
volatile repository, it appears that the updated version of clamav is
in (sarge|etch)-proposed-updates.

Presumably this means that the main volatile distributions will be
updated soon, or have I misunderstood the situation?

--

This one time, at band camp, Aneurin Price said:
> Presumably this means that the main volatile distributions will be
> updated soon, or have I misunderstood the situation?

My understanding is that we're waiting on a few more builds before it
goes out, so yes, that seems correct. I posted the link above because
you can manually grab the debs yourself and install them if it is
urgent. The -0volatile2 packages are for sarge, the ~1volatile2
packages are for etch.

Take care,
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------

On 12/20/07, Stephen Gran wrote:
> This one time, at band camp, Aneurin Price said:
> > Presumably this means that the main volatile distributions will be
> > updated soon, or have I misunderstood the situation?
>
> My understanding is that we're waiting on a few more builds before it
> goes out, so yes, that seems correct. I posted the link above because
> you can manually grab the debs yourself and install them if it is
> urgent. The -0volatile2 packages are for sarge, the ~1volatile2
> packages are for etch.
>

That's good to hear; thanks for the clarification.

--

Aneurin Price wrote:
> On 12/20/07, Stephen Gran wrote:
>> This one time, at band camp, Aneurin Price said:
>>> Presumably this means that the main volatile distributions will be
>>> updated soon, or have I misunderstood the situation?
>> My understanding is that we're waiting on a few more builds before it
>> goes out, so yes, that seems correct. I posted the link above because
>> you can manually grab the debs yourself and install them if it is
>> urgent. The -0volatile2 packages are for sarge, the ~1volatile2
>> packages are for etch.
>>
>
> That's good to hear; thanks for the clarification.
>
>

I was following this subject as I had the same concerns regarding this
particular update of clamav.
So, I would like to thank all those who took the time to clarify this
matter.
Thank you all.

--
José Santos

http://goodbye-microsoft.com/
http://www.ftml.net/mail/?STKI=1516747

--

Hi!

> ----- Original Message ----
> From: Aneurin Price
> To: Forrest Houston
> Cc: ; debian-security
> Sent: Friday, December 21, 2007 9:55:05 AM
> Subject: Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
>

> On 12/20/07, Forrest Houston wrote:
> > On Thu, 20 Dec 2007, Stephen Gran wrote:
>
> > Whenever I run freshclam I get an error about being on version 0.91.2 and
> > 0.92 is what I should be running. When I follow the recommended link
> > there doesn't seem to be a new package available. I thought I had gone
> > through this process once before by adding this to /etc/apt/sources
> >
> > deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free
> >
> > However when I do an "apt-get update" (during which volatile is listed)
> > and then "apt-get upgrade" or "apt-get install clamav" I get a message
> > that I'm running the latest version. What am I missing?
> >
>
> I have the same thing (except I'm running sarge). Looking at the
> volatile repository, it appears that the updated version of clamav is
> in (sarge|etch)-proposed-updates.
>
> Presumably this means that the main volatile distributions will be
> updated soon, or have I misunderstood the situation?
>

The same happened when they updated tzdata, and it took around 24 hours to move from "proposed-updates" to main volatile.

I think it should be about the same here.

c-ya!

Ildefonso Camargo
